ALAS-2019-1277

Amazon Linux 1 Security Advisory: ALAS-2019-1277
Advisory Release Date: 2019-09-08 22:54 Pacific
Advisory Updated Date: 2019-09-09 20:58 Pacific

Severity: Critical

References: CVE-2019-15846
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.(CVE-2019-15846)

Affected Packages:

exim

Issue Correction:
Run yum update exim to update your system.

New Packages:

i686:
    exim-greylist-4.92-1.24.amzn1.i686
    exim-pgsql-4.92-1.24.amzn1.i686
    exim-mon-4.92-1.24.amzn1.i686
    exim-4.92-1.24.amzn1.i686
    exim-debuginfo-4.92-1.24.amzn1.i686
    exim-mysql-4.92-1.24.amzn1.i686

src:
    exim-4.92-1.24.amzn1.src

x86_64:
    exim-pgsql-4.92-1.24.amzn1.x86_64
    exim-mysql-4.92-1.24.amzn1.x86_64
    exim-mon-4.92-1.24.amzn1.x86_64
    exim-greylist-4.92-1.24.amzn1.x86_64
    exim-debuginfo-4.92-1.24.amzn1.x86_64
    exim-4.92-1.24.amzn1.x86_64

Additional References

Red Hat: CVE-2019-15846

Mitre: CVE-2019-15846